alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Apache Struts memberAccess inbound OGNL injection remote code execution attempt"; flow:to_server,established; content:"|23|_memberAccess"; fast_pattern:only; http_uri; content:"new "; nocase; http_uri; pcre:"/new\s+(java|org|sun)/Ui"; metadata: former_category WEB_SPECIFIC_APPS; reference:cve,2018-11776; classtype:attempted-admin; sid:2026035; rev:1; metadata:affected_product Apache_Struts2, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_08_24, updated_at 2018_08_24;)

Added 2018-09-13 19:55:08 UTC


Added 2018-09-13 18:02:26 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Apache Struts memberAccess inbound OGNL injection remote code execution attempt"; flow:to_server,established; content:"|23|_memberAccess"; fast_pattern:only; http_uri; content:"new "; nocase; http_uri; pcre:"/new\s+(java|org|sun)/Ui"; metadata: former_category WEB_SPECIFIC_APPS; reference:cve,2018-11776; classtype:attempted-admin; sid:2026035; rev:1; metadata:affected_product Apache_Struts2, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_08_24, updated_at 2018_08_24;)

Added 2018-08-24 17:18:09 UTC


Topic revision: r1 - 2018-09-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats